Who framed Internet Explorer.

09-Sep-2002 - Internet Explorer does it again. This time, sites that use frames or iframes are exposing their users to attacks. We discovered that it is possible for an attacker to execute script on any site that contains a frame or iframe element, ignoring any protocol or domain restriction set forth by Internet Explorer. This means that with little effort, an attacker is able to read local files, execute arbitrary programs, steal cookies, forge site content and more.

Read through that, and found it very interesting. Although besides reading certain files off of a vulnerable server, what could possibly be done here? I see that you can run code on there, what kind of code is it, and what kind of security problems does this make?

I am open to comments...

Have done some extensive testing on this and found it does not work correctly, or as stated. I have gotten it to work locally from the source, but fail to get it to work correctly remotely...

What I can see is that the code execution is a variation of an old (several?) vulnerability(ies).

The danger could be if someone could plant a custom executable on the system. Or if it's possible to pass switches to command utilities with this vulnerability. I could not start a program and pass switches to it with this vulnerability, but I'm far from a programming expert and a skilled person may find a way to do this.

Similar security flaws can be found in the following threads (and older threads as well):